Baystate Health hit by 'phishing' attack

by Thomas Dworetzky, Contributing Reporter | October 27, 2016
Another day, another patient-privacy cybercrime.

Baystate Health in Massachusetts announced this week that on August 22, it “learned that a phishing email had been sent to several Baystate employees allowing hackers to access some employees’ email accounts.”

The email looked like a regular “internal Baystate memo to employees.”

Email accounts were secured when the breach was discovered, and an investigation was begun.

In total, five Baystate employees responded to the email — which let hackers gain access to their accounts. Information on 13,000 patients was contained in the emails exposed to the cyber-invaders.

“What we need to do and what we can do every day going forward, is train and retrain, and educate and reeducate our workforce,” Baystate Health Media Spokesman Brendan Monahan told WWLP news following the incident. “So when one of these phishing attacks comes in, they know what it looks like and they’re not tempted to click on it.”

“While we have no evidence that any patient information has been taken or misused, we want to assure our patients that we take this incident very seriously,” said Baystate, adding that the hackers may have had access to patients’ names, birth dates, diagnosis, treatment received, medical record number and, in some instances, health insurance identification number.

No Social Security numbers, credit card numbers or other financial information was exposed and no patient medical records were accessed.

Letters were sent Oct. 21 to those possibly affected.

This is just the latest in an ongoing cyber-assault on health care providers.

In August, Arizona-based Banner Health reported that a massive data hack beginning June 17 had affected the records of as many as 3.7 million individuals who were patients, health insurance plan members, food and drink customers, doctors, and others.

The attack was unearthed by Banner on July 7, 2016, when it determined that attackers may have gained unauthorized access to computer systems that process payment card data at food and beverage outlets at some Banner Health locations.

“The attackers targeted payment card data, including cardholder name, card number, expiration date and internal verification code, as the data was being routed through affected payment processing systems,” Banner stated.

In February, Hollywood Presbyterian Medical Center in Los Angeles paid hackers $17,000 ransom to reclaim its computer network after an attack.
